Regular Expression Denial of Service (ReDoS)
Vulnerable module: lodash
Introduced through: semantic-release-cli@5.2.1
Detailed paths
Introduced through: @polymathnetwork/abi-wrappers@PolymathNetwork/polymath-abi-wrappers#016f858f82ee983814ce487a8de0a67b68652196 › semantic-release-cli@5.2.1 › travis-ci@2.2.0 › lodash@1.3.1
Overview
lodash is a modern JavaScript utility library delivering modularity, performance, & extras.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). The package parses dates using regex strings, and matching those patterns against long input may cause a slowdown of 2 seconds per 50k characters.